From 15dfa298126dcd1eeca8bc7f74b4c156504bc7ef Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Mon, 30 Sep 2024 12:19:10 -0400 Subject: [PATCH 1/3] Fix use of CryptoStream examples (#10470) --- .../System.Security.Cryptography/Aes/Overview/program.cs | 3 ++- .../AesCryptoServiceProvider/Overview/program.cs | 5 +++-- .../AesManaged/Overview/program.cs | 5 +++-- .../RijndaelManaged/Overview/class1.cs | 3 ++- 4 files changed, 10 insertions(+), 6 deletions(-) diff --git a/snippets/csharp/System.Security.Cryptography/Aes/Overview/program.cs b/snippets/csharp/System.Security.Cryptography/Aes/Overview/program.cs index 323143e13b3..ec6efe4516d 100644 --- a/snippets/csharp/System.Security.Cryptography/Aes/Overview/program.cs +++ b/snippets/csharp/System.Security.Cryptography/Aes/Overview/program.cs @@ -60,8 +60,9 @@ static byte[] EncryptStringToBytes_Aes(string plainText, byte[] Key, byte[] IV) //Write all data to the stream. swEncrypt.Write(plainText); } - encrypted = msEncrypt.ToArray(); } + + encrypted = msEncrypt.ToArray(); } } diff --git a/snippets/csharp/System.Security.Cryptography/AesCryptoServiceProvider/Overview/program.cs b/snippets/csharp/System.Security.Cryptography/AesCryptoServiceProvider/Overview/program.cs index fc4fcb65cf0..259e3e5abc2 100644 --- a/snippets/csharp/System.Security.Cryptography/AesCryptoServiceProvider/Overview/program.cs +++ b/snippets/csharp/System.Security.Cryptography/AesCryptoServiceProvider/Overview/program.cs @@ -59,8 +59,9 @@ static byte[] EncryptStringToBytes_Aes(string plainText, byte[] Key, byte[] IV) //Write all data to the stream. swEncrypt.Write(plainText); } - encrypted = msEncrypt.ToArray(); } + + encrypted = msEncrypt.ToArray(); } } @@ -115,4 +116,4 @@ static string DecryptStringFromBytes_Aes(byte[] cipherText, byte[] Key, byte[] I // } } -// \ No newline at end of file +// 
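Review bot: The relocated `encrypted = msEncrypt.ToArray();` in the Aes hunk has no comment saying why it must come after the closing brace above it, so a later edit to the sample can move it back inside. Going by the commit title, that brace presumably ends the CryptoStream's using block, and I would add `// Read the ciphertext only after the CryptoStream is disposed; disposal writes the final block.` directly above the moved line. The same line is moved in the AesCryptoServiceProvider, AesManaged and RijndaelManaged hunks, and the comment belongs there too. EncryptStringToBytes_Aes starts and ends outside the hunk, so the using statements themselves are not visible here.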
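Review bot: Nothing visible in the AesCryptoServiceProvider hunk adds an integrity check to what EncryptStringToBytes_Aes returns; the result is just `msEncrypt.ToArray()`, with no tag or MAC appended in these lines. The cipher mode is set outside the hunk, so this needs confirming, but if the sample runs in a non-authenticated mode such as CBC, a reader who copies it gets ciphertext that can be altered without detection. I would add a comment near the return such as `// This output is not authenticated; use AesGcm or add an HMAC over the ciphertext when tampering must be detected.` The Aes, AesManaged and RijndaelManaged samples in this patch have the same shape.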
diff --git a/snippets/csharp/System.Security.Cryptography/AesManaged/Overview/program.cs b/snippets/csharp/System.Security.Cryptography/AesManaged/Overview/program.cs index 153d42acf9e..3521111b374 100644 --- a/snippets/csharp/System.Security.Cryptography/AesManaged/Overview/program.cs +++ b/snippets/csharp/System.Security.Cryptography/AesManaged/Overview/program.cs @@ -59,8 +59,9 @@ static byte[] EncryptStringToBytes_Aes(string plainText, byte[] Key, byte[] IV) //Write all data to the stream. swEncrypt.Write(plainText); } - encrypted = msEncrypt.ToArray(); } + + encrypted = msEncrypt.ToArray(); } } @@ -115,4 +116,4 @@ static string DecryptStringFromBytes_Aes(byte[] cipherText, byte[] Key, byte[] I // } } -// \ No newline at end of file +// diff --git a/snippets/csharp/System.Security.Cryptography/RijndaelManaged/Overview/class1.cs b/snippets/csharp/System.Security.Cryptography/RijndaelManaged/Overview/class1.cs index 2310d25bcb1..d011097ee4e 100644 --- a/snippets/csharp/System.Security.Cryptography/RijndaelManaged/Overview/class1.cs +++ b/snippets/csharp/System.Security.Cryptography/RijndaelManaged/Overview/class1.cs @@ -70,8 +70,9 @@ static byte[] EncryptStringToBytes(string plainText, byte[] Key, byte[] IV) //Write all data to the stream. swEncrypt.Write(plainText); } - encrypted = msEncrypt.ToArray(); } + + encrypted = msEncrypt.ToArray(); } } From 6139eea3b1b331f639253fa0296955deec0421e7 Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Mon, 30 Sep 2024 13:38:12 -0400 Subject: [PATCH 2/3] Fix AEAD algorithm documentation to indicate when AuthenticationTagMismatchException is thrown (#10471) --- xml/System.Security.Cryptography/AesCcm.xml | 6 ++++-- xml/System.Security.Cryptography/AesGcm.xml | 6 ++++-- xml/System.Security.Cryptography/ChaCha20Poly1305.xml | 6 ++++-- 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/xml/System.Security.Cryptography/AesCcm.xml b/xml/System.Security.Cryptography/AesCcm.xml index 1bb682ad7d5..650fc2e313c 100644 
--- a/xml/System.Security.Cryptography/AesCcm.xml +++ b/xml/System.Security.Cryptography/AesCcm.xml @@ -212,7 +212,8 @@ The parameter length is not permitted by parameter length is not permitted by . The , , , or parameter is . - The tag value could not be verified, or the decryption operation otherwise failed. + The decryption operation failed. Prior to .NET 8, indicates the tag value could not be verified. + .NET 8 and later versions: the tag value could not be verified. @@ -280,7 +281,8 @@ The parameter length is not permitted by parameter length is not permitted by . - The tag value could not be verified, or the decryption operation otherwise failed. + The decryption operation failed. Prior to .NET 8, indicates the tag value could not be verified. + .NET 8 and later versions: the tag value could not be verified. diff --git a/xml/System.Security.Cryptography/AesGcm.xml b/xml/System.Security.Cryptography/AesGcm.xml index aaf54de529f..cafa017f847 100644 --- a/xml/System.Security.Cryptography/AesGcm.xml +++ b/xml/System.Security.Cryptography/AesGcm.xml @@ -305,7 +305,8 @@ The parameter length is not permitted by parameter length is not permitted by . The , , , or parameter is . - The tag value could not be verified, or the decryption operation otherwise failed. + The decryption operation failed. Prior to .NET 8, indicates the tag value could not be verified. + .NET 8 and later versions: the tag value could not be verified. @@ -373,7 +374,8 @@ The parameter length is not permitted by parameter length is not permitted by . - The tag value could not be verified, or the decryption operation otherwise failed. + The decryption operation failed. Prior to .NET 8, indicates the tag value could not be verified. + .NET 8 and later versions: the tag value could not be verified. diff --git a/xml/System.Security.Cryptography/ChaCha20Poly1305.xml b/xml/System.Security.Cryptography/ChaCha20Poly1305.xml index 164dee010ae..11ef86e358c 100644 
--- a/xml/System.Security.Cryptography/ChaCha20Poly1305.xml +++ b/xml/System.Security.Cryptography/ChaCha20Poly1305.xml @@ -183,7 +183,8 @@ The parameter length is not 12 bytes (96 bits). The parameter length is not 16 bytes (128 bits). The , , , or parameter is . - The tag value could not be verified, or the decryption operation otherwise failed. + The decryption operation failed. Prior to .NET 8, indicates the tag value could not be verified. + .NET 8 and later versions: the tag value could not be verified. @@ -238,7 +239,8 @@ The parameter length is not 12 bytes (96 bits). -or- The parameter length is not 16 bytes (128 bits). - The tag value could not be verified, or the decryption operation otherwise failed. + The decryption operation failed. Prior to .NET 8, indicates the tag value could not be verified. + .NET 8 and later versions: the tag value could not be verified. From 45b1ff36473807659af5aee4b3a934fdb465a1b4 Mon Sep 17 00:00:00 2001 From: Kevin Jones Date: Mon, 30 Sep 2024 18:23:47 -0400 Subject: [PATCH 3/3] Remove over-specific and incorrect documentation about HMAC key lengths --- xml/System.Security.Cryptography/IncrementalHash.xml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/xml/System.Security.Cryptography/IncrementalHash.xml b/xml/System.Security.Cryptography/IncrementalHash.xml index ac0d12216b7..0b78fe3eaf8 100644 --- a/xml/System.Security.Cryptography/IncrementalHash.xml +++ b/xml/System.Security.Cryptography/IncrementalHash.xml 
@@ -449,13 +449,7 @@ The name of the hash algorithm to perform within the HMAC. - - The secret key for the HMAC. The key can be any length, but a key longer than the output size - of the hash algorithm specified by will be hashed (using the - algorithm specified by ) to derive a correctly-sized key. Therefore, - the recommended size of the secret key is the output size of the hash specified by - . - + The secret key for the HMAC. Create an for the Hash-based Message Authentication Code (HMAC) algorithm utilizing the hash algorithm specified by , and a @@ -513,7 +507,7 @@ The name of the hash algorithm to perform within the HMAC. - The secret key for the HMAC. The key can be any length, but a key longer than the output size of the hash algorithm specified by will be hashed (using the algorithm specified by ) to derive a correctly-sized key. Therefore, the recommended size of the secret key is the output size of the hash specified by . + The secret key for the HMAC. Create an for the Hash-based Message Authentication Code (HMAC) algorithm utilizing the hash algorithm specified by , and a key specified by . A hash instance to compute the hash algorithm specified by . To be added.